|
CERT-NL | |||||
Author/Source | : | Xander Jansen | Index | : | S-00-07 | |
Distribution | : | World | Page | : | 1 | |
Classification | : | External | Version | : | 1 | |
Subject | : | HP: Sec. Vulnerability with Ignite on Trusted systems | Date | : | 19-Feb-2000 |
By courtesy of HEWLETT-PACKARD COMPANY we received information on a vulnerability with Ignite on Trusted systems.
CERT-NL recommends to follow the guidelines outlined in section I.B.
HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00111, 17 Feb 2000
The information in the following Security Advisory should be acted upon as soon as possible. Hewlett-Packard Company will not be liable for any consequences to any customer resulting from customer's failure to fully implement instructions in this Security Advisory as soon as possible.
PROBLEM: | Trusted systems may have vulnerabilities if a password field in /etc/passwd is blank. |
PLATFORM: | HP-9000 Series700/800 running release HP-UX 11.X only. |
DAMAGE: | Increase of privileges. |
SOLUTION: | Verify that all entries in /etc/passwd have "*" in the password field if the system is trusted. |
I.
- Background
Each password field in /etc/passwd should be "*" in a trusted system. This is normally handled automatically. One way for the password field to be set to a blank is to create a system image of a trusted system with Ignite-UX and not save /etc/passwd. By default Ignite-UX omits /etc/passwd.
- Fixing the problem
In a trusted system if the system or the /etc/passwd file has been restored, verify that the password fields in /etc/passwd are "*". If Ignite-UX is used to create an image of a trusted system, _override_the_default_ so that /etc/passwd is saved in the image. See man(1M) make_sys_image and note the -f file option.
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet is the Dutch network for educational, research and related institutes. CERT-NL is a member of the Forum of Incident Response and Security Teams (FIRST).
All CERT-NL material is available under:
http://cert.surfnet.nl/
In case of computer or network security problems please contact your local CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer please address the appropriate (local) CERT/security-team).
CERT-NL is one/two hour(s) ahead of UTC
(GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
Email: | cert-nl@surfnet.nl | ATTENDED REGULARLY ALL DAYS |
Phone: | +31 302 305 305 | BUSINESS HOURS ONLY |
Fax: | +31 302 305 329 | BUSINESS HOURS ONLY |
Snailmail: | SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands |
. |
NOODGEVALLEN: 06 22 92 35 64 ALTIJD
BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED* PROCEDURE FOR DEALING
WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT TO CERT-NL IN AN APPROPRIATE MANNER.
CERT-NL WILL THEN CONTACT YOU.
|